29 hack event(s)
Description of the event: BasisOS disclosed on X: “Due to a security breach, the Agentic FoF was compromised, resulting in approximately USD 531,000 in leaked funds. All vaults have now been suspended, and withdrawals from the Agentic FoF have also been paused pending the results of an internal investigation.”
Amount of loss: $ 531,000 Attack method: Unknown
Description of the event: Aerodrome, a DEX built on Base, posted on X that the centralized domains of Velodrome and Aerodrome were hijacked on November 21 due to an internal security vulnerability at NameSilo, resulting in redirection to malicious content. With the rapid response from security partners including Blockaid, Groom Lake, Security Alliance, and FTI Consulting, MetaMask and Coinbase Wallet displayed warnings within two minutes, and the issue was fully mitigated within four hours. The incident resulted in approximately $700,000 in losses.
Amount of loss: $ 700,000 Attack method: Domain Hijacking
Description of the event: According to CertiK’s monitoring, the Moonwell lending contract suffered multiple attack transactions. The attacker exploited an incorrect oracle price for wrstETH (around USD 5.8 million). By using a flash loan of only about 0.02 wrstETH and depositing it, the attacker repeatedly borrowed over 20 wstETH, gaining 295 ETH (approximately USD 1 million) in profit.
Amount of loss: $ 1,000,000 Attack method: Oracle Attack
Description of the event: According to the incident analysis report released by Arcadia Finance, at 04:05 AM UTC on July 15, 2025, an active exploit targeting a series of peripheral contracts occurred. The attacker abused the delegated powers of Arcadia account owners on the rebalancer and compounder asset manager contracts, resulting in a loss of approximately $3.6 million. This exploit was limited to the asset manager contracts; lending and token contracts were not affected.
Amount of loss: $ 3,600,000 Attack method: Contract Vulnerability
Description of the event: Impermax was attacked on the Base network. In a tweet, Impermax stated that someone launched a flash loan attack and drained its V3 liquidity pools. The team is currently investigating and advises users not to interact with any V3 pools.
Amount of loss: $ 400,000 Attack method: Flash Loan Attack
Description of the event: According to monitoring by the SlowMist security team, a vulnerability caused by a lack of input validation in @odosprotocol has been exploited across multiple chains, resulting in approximately $100,000 in losses. ODOS stated in a post that the attack exploited a vulnerability in its audited executor contract, allowing the theft of revenue stored within the contract but not affecting any user funds.
Amount of loss: $ 100,000 Attack method: Contract Vulnerability
Description of the event: Multiple attack transactions targeting the Alien Base BunniHub contract resulted in a loss of approximately $38,000.
Amount of loss: $ 38,000 Attack method: Contract Vulnerability
Description of the event: Virtuals Protocol announced on X that their official Discord server has been compromised. They advised users not to click on any posts or private messages from administrators until further notice.
Amount of loss: - Attack method: Account Compromise
Description of the event: Standing on Bizness (BIZNESS) appears to have been subjected to a reentrancy attack on Base, resulting in an estimated loss of $15,700.
Amount of loss: $ 15,700 Attack method: Reentrancy Attack
Description of the event: According to community feedback, the official X account of the Meme token Brett on the Base chain has reportedly been compromised and used to post false information. Please stay vigilant against related risks.
Amount of loss: - Attack method: Account Compromise
Description of the event: A price manipulation attack targeting unverified lending contracts was detected on the Base chain; the attacker gained around $1 million in tokens through excessive borrowing.
Amount of loss: $ 1,000,000 Attack method: Price Manipulation
Description of the event: The yield-optimizing DeFi protocol BaseBros Fi has vanished after executing a rug pull via an unaudited smart contract.
Amount of loss: $ 130,000 Attack method: Rug Pull
Description of the event: ETHTrustFund conducted a rugpull and stole approximately $2 million worth of cryptocurrencies on Base.
Amount of loss: $ 2,000,000 Attack method: Rug Pull
Description of the event: According to community feedback, the Base ecosystem's meme coin NORMIE has been attacked. The attacker exploited a design flaw in the NORMIE token's cross-chain bridge, manipulating the price on the Base Chain using flash loans. Since transactions with NORMIE on the Base Chain incur taxes, these taxes are automatically directed to a wallet controlled by the project team. The attacker injected a large amount of funds into this wallet via flash loans, significantly diluting the token's supply and causing a flash crash in the price.
Amount of loss: $ 882,000 Attack method: Flash Loan Attack
Description of the event: According to the SlowMist Security Alert system, potential suspicious activities related to Tsuru have resulted in a loss of 138.78 ETH.
Amount of loss: $ 410,000 Attack method: Contract Vulnerability
Description of the event: The team behind Grand Base, a real-world assets platform built on the Base layer-2 blockchain, claimed that the deployer wallet had been compromised, allowing an attacker to drain the project's liquidity pool. Altogether, 615 ETH (~$2 million) was taken from the project. On April 20th, Grand Base tweeted that during the token reboot process, the team had managed to retrieve its veNFTs from the hacked address and transfer them to a multi-sig wallet. The veNFT position represents an amount of $225,000 and will be used to build robust liquidity when the time comes.
Amount of loss: $ 2,000,000 Attack method: Private Key Leakage
Description of the event: Sumer Money was exploited on the Base chain due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $310,000. The root cause of the exploit is a lack of reentrancy protection, which led to the manipulation of the underlying assets.
Amount of loss: $ 310,000 Attack method: Reentrancy Attack
Description of the event: Sumer Money was exploited on the Base chain due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $310,000.
Amount of loss: $ 310,000 Attack method: Contract Vulnerability
Description of the event: TICKER project developer steals $900,000. A developer brought on to run a presale for the TICKER token stole $900,000 from the project. 15% of the token supply was sent to the developer to distribute via an airdrop, but instead of doing so, the developer sold the majority of the tokens for around $900,000.
Amount of loss: $ 900,000 Attack method: Insider Manipulation
Description of the event: The project Detto Finance in the Base ecosystem is suspected of a rug pull, with its social media accounts currently inaccessible, resulting in approximately $95,000 in losses.
Amount of loss: $ 94,147 Attack method: Rug Pull